TY - GEN
T1 - Key-Recovery Fault Injection Attack on the Classic McEliece KEM
AU - Pircher, Sabine
AU - Geier, Johannes
AU - Danner, Julian
AU - Mueller-Gritschneder, Daniel
AU - Wachter-Zeh, Antonia
N1 - Publisher Copyright:
© 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2023
Y1 - 2023
N2 - We present a key-recovery fault injection attack on the Classic McEliece Key Encapsulation Mechanism (KEM). The fault injections target the error-locator polynomial of the Goppa code and the validity checks in the decryption algorithm, making a chosen ciphertext attack possible. Faulty decryption outputs are used to generate a system of polynomial equations in the secret support elements of the Goppa code. After solving the equations, we can determine a suitable Goppa polynomial and form an alternative secret key. To demonstrate the feasibility of the attack on hardware, we simulate the fault injections on virtual prototypes of two RISC-V cores at register-transfer level.
AB - We present a key-recovery fault injection attack on the Classic McEliece Key Encapsulation Mechanism (KEM). The fault injections target the error-locator polynomial of the Goppa code and the validity checks in the decryption algorithm, making a chosen ciphertext attack possible. Faulty decryption outputs are used to generate a system of polynomial equations in the secret support elements of the Goppa code. After solving the equations, we can determine a suitable Goppa polynomial and form an alternative secret key. To demonstrate the feasibility of the attack on hardware, we simulate the fault injections on virtual prototypes of two RISC-V cores at register-transfer level.
KW - Classic McEliece
KW - Fault Attack
KW - Key Encapsulation Mechanism
KW - Key Recovery
KW - Laser Fault Injections
KW - Post-Quantum Cryptography
UR - http://www.scopus.com/inward/record.url?scp=85152530042&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-29689-5_3
DO - 10.1007/978-3-031-29689-5_3
M3 - Conference contribution
AN - SCOPUS:85152530042
SN - 9783031296888
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 37
EP - 61
BT - Code-Based Cryptography - 10th International Workshop, CBCrypto 2022, Revised Selected Papers
A2 - Deneuville, Jean-Christophe
PB - Springer Science and Business Media Deutschland GmbH
T2 - 10th International Workshop on Code-Based Cryptography, CBCrypto 2022
Y2 - 29 May 2022 through 30 May 2022
ER -